AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 05/26/2022

Russian hackers are linked to new Brexit leak website, Google says

A new website that published leaked emails from several leading proponents of Britain’s exit from the European Union is tied to Russian hackers, according to a Google cybersecurity official and the former head of UK foreign intelligence. The website – titled “Very English Coop d’Etat” – says it has published private emails from former British spymaster Richard Dearlove, leading Brexit campaigner Gisela Stuart, pro-Brexit historian Robert Tombs, and other supporters of Britain’s divorce from the EU, which was finalized in January 2020. The site contends that they are part of a group of hardline pro-Brexit figures secretly calling the shots in the United Kingdom.

Remote bricking of Ukrainian tractors raises agriculture security concerns

Against the backdrop of horrific reports from Russia’s Ukraine invasion, an encouraging story emerged earlier this month when unidentified Ukrainians remotely disabled tractors worth $5 million that Russian soldiers in the occupied city of Melitopol stole from Agrotek-Invest, an authorized John Deere dealer. The soldiers stole 27 pieces of farm machinery and shipped them primarily to Chechnya, 700 miles away, only to discover they had been rendered inoperable due to a “kill switch.” The dealership tracked the machinery using the tractors’ embedded GPS technology. Although the equipment was reportedly languishing at a farm near Grozny on May 1, one source said the Russians had found consultants who would try to bypass the digital protection that bricked the machines. Some observers fear that malicious actors could exploit the same technology Deere and other manufacturers use to update and monitor farm equipment. If successfully accomplished on a large-enough scale, a cyberattack could disrupt significant portions of what has become critical agricultural infrastructure.

Twitter Fined $150 Million for Misusing Users’ Data for Advertising Without Consent

Twitter, which is in the process of being acquired by Tesla CEO Elon Musk, has agreed to pay $150 million to the U.S. Federal Trade Commission (FTC) to settle allegations that it abused non-public information collected for security purposes to serve targeted ads. In addition to the monetary penalty for “misrepresenting its privacy and security practices,” the company has been banned from profiting from the deceptively collected data and ordered to notify all affected users. “Twitter obtained data from users on the pretext of harnessing it for security purposes but then ended up also using the data to target users with ads,” FTC Chair Lina M. Khan said in a statement. “This practice affected more than 140 million Twitter users, while boosting Twitter’s primary source of revenue.”

State of Cybersecurity Report 2022 Names Ransomware and Nation-State Attacks As Biggest Threats

Ransomware was voted the biggest cybersecurity trend (28%) by the survey respondents (including CISOs, CTOs, CIOs and academics), marking a significant change from the previous report in 2020, where ransomware did not break the top three. This follows surging ransomware incidents in 2021, with ransom demands and payments growing significantly last year. A number of these attacks have also impacted critical industries, for example taking down the largest fuel pipeline in the US (Colonial Pipeline). Victoria Baines, visiting research fellow at Bournemouth University, noted: “It started to have an impact on critical infrastructure, on states, on operational technology, and on large manufacturers. We went from a consumer citizen ransom of a couple of thousand dollars to millions for some of those higher-value targets.”

Suspected phishing email crime boss cuffed in Nigeria

Interpol and cops in Africa have arrested a Nigerian man suspected of running a multi-continent cybercrime ring that specialized in phishing emails targeting businesses. His alleged operation was responsible for so-called business email compromise (BEC), a mix of fraud and social engineering in which staff at targeted companies are hoodwinked into, for example, wiring funds to scammers or sending out sensitive information. This can be done by sending messages that impersonate executives or suppliers, with instructions on where to send payments or data, sometimes by breaking into an employee’s work email account to do so. The 37-year-old’s detention is part of a year-long, counter-BEC initiative code-named Operation Delilah that involved international law enforcement, and started with intelligence from cybersecurity companies Group-IB, Palo Alto Networks Unit 42, and Trend Micro.

Hijacking of popular ctx and phpass packages reveals open source security gaps

The Python module “ctx” and a fork of the PHP library “phpass” have recently been modified by an unknown attacker to grab AWS credentials/keys and send them to a Heroku app. But what at first seemed like the work of a malicious actor turned out to be an exploit by a security researcher, who wanted to demonstrate how easy it is to take control of popular packages and the repositories hosting them. In this Help Net Security video, Ax Sharma, Senior Security Researcher at Sonatype, talks about the tactics used by the researcher Yunus Aydin (aka “SockPuppets”) and what they revealed about the security gaps that can be misused to mount supply chain compromises affecting the open source community. He also offers advice for users of third-party open source packages.
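The ctx and phpass hijacks replaced the contents of trusted packages with code that harvested AWS credentials. The script below is an added example, not code from the page, from Sonatype, or from the ctx/phpass projects, of the standard defence against exactly that: record the SHA-256 of each dependency artifact when it is first reviewed and refuse anything whose digest differs. This catches a republished artifact even when its name and version are unchanged, which a version pin alone does not. Package names, versions, file contents and the mock "exfil" line are constructed placeholders.

```python
"""Hash-pinned dependency check, modelled on pip's --require-hashes mode.

Added example (not the page's or any project's code). Every package name,
version, artifact body and digest below is constructed for illustration.
"""
import hashlib
import hmac
from dataclasses import dataclass


@dataclass(frozen=True)
class Pin:
    """One lockfile entry: the digest was recorded when the artifact was vetted."""
    name: str
    version: str
    sha256: str  # hex digest of the reviewed sdist/wheel


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def verify_artifact(pin: Pin, downloaded: bytes) -> bool:
    """True only if the downloaded bytes hash to the pinned digest.

    compare_digest is constant-time; for a local file check this is a habit,
    not a requirement, but it is the idiom for comparing digests.
    """
    return hmac.compare_digest(sha256_hex(downloaded), pin.sha256)


def check_lockfile(pins: list[Pin], fetched: dict[tuple[str, str], bytes]) -> dict[str, str]:
    """Classify each pinned artifact as 'ok', 'tampered' (digest mismatch) or 'missing'.

    `fetched` maps (name, version) to the bytes actually downloaded from the index.
    """
    results: dict[str, str] = {}
    for pin in pins:
        key = (pin.name, pin.version)
        if key not in fetched:
            results[pin.name] = "missing"
        elif verify_artifact(pin, fetched[key]):
            results[pin.name] = "ok"
        else:
            # Same name and version, different bytes: a replaced artifact.
            results[pin.name] = "tampered"
    return results


# Constructed stand-ins for an sdist: the copy reviewed at pin time, and the
# same name/version republished with a credential-stealing line appended.
VETTED_PKG = b"# examplepkg 0.1.2 as reviewed\nclass Ctx(dict):\n    pass\n"
REPUBLISHED_PKG = VETTED_PKG + b"import os\nexfil(os.environ.get('AWS_SECRET_ACCESS_KEY'))\n"
VETTED_UTIL = b"# util 1.0.0 as reviewed\n"

# The lockfile: digests are computed from the vetted copies, as they would be
# when the dependency was first approved.
LOCKFILE = [
    Pin("examplepkg", "0.1.2", sha256_hex(VETTED_PKG)),
    Pin("util", "1.0.0", sha256_hex(VETTED_UTIL)),
]


def demo() -> dict[str, str]:
    """Simulate a fresh install where examplepkg 0.1.2 has been silently replaced."""
    fetched = {
        ("examplepkg", "0.1.2"): REPUBLISHED_PKG,
        ("util", "1.0.0"): VETTED_UTIL,
    }
    return check_lockfile(LOCKFILE, fetched)


if __name__ == "__main__":
    print(demo())  # {'examplepkg': 'tampered', 'util': 'ok'}
```

With pip the equivalent is a requirements file containing lines such as `examplepkg==0.1.2 --hash=sha256:<digest>` installed with `pip install --require-hashes -r requirements.txt`; pip then refuses any artifact whose digest is not listed, including a re-uploaded file for an already-pinned version. The check only protects against changes made after the digest was recorded, so it has to be paired with an actual review of the artifact at pin time.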